You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
But… it isn't an error.
I somewhat agree with increasing the level to Warning, but no higher than that.
I'm even torn if we shouldn't leave it as Info since especially on public instances your logs will get spammed with unnecessary logs you cannot change.
But… it isn't an error. I somewhat agree with increasing the level to Warning, but no higher than that. I'm even torn if we shouldn't leave it as Info since especially on public instances your logs will get spammed with unnecessary logs you cannot change.
I don't know how useful it is to argue about semantics in this case... Just read your post in the issue how you define error - I can see your point, that a failed login could just be an Info but on the other hand it is a failed login process in a code block which deals explicitly with errors... that's why I changed it to Error.
If you can live with raising it to Warning that would be also fine for me... my issue is, that on our productive system the log has a lot of unnecessary Info logs I don't need BUT I need to see the failed logins for fail2ban, therefore I would like to be able to raise the log level.
I agree those are not errors. Errors should be a system problem, but when inputting the wrong password, the system is right but the man inputting the password may made a mistaken. Or it's an attack. But whatever which one it is, it's not an error.
I agree those are not errors. Errors should be a system problem, but when inputting the wrong password, the system is right but the man inputting the password may made a mistaken. Or it's an attack. But whatever which one it is, it's not an error.
How about the the alternative setting it to Warning?
PR for issue #31968
Replaces PR #31983 to comply with gitea's error definition
Failed authentications are now logged to level `Warning` instead of
`Info`.
go-gitea
locked as resolved and limited conversation to collaborators
Dec 9, 2024
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
lgtm/need 2This PR needs two approvals by maintainers to be considered for merging.modifies/goPull requests that update Go code
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
GiteaBot
added
the
lgtm/need 2
PR for issue #31968.
Failed authentications are now logged to level Error instead of Info.